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Remarks 

In view of the following discussion, the Applicant submits that none of the 
claims now pending in the application are non-enabling, anticipated, or obvious 
under the respective provisions of 35 LLS.C. § 112, §102, and §103. Thus, the 
Applicant believes that all of these claims are now in allowable form. 

It is to be understood that the Applicant, does not acquiesce to the 
Examinees characterizations of the art of record or to Applicants subject matter 
recited in the pending claims. Further, Applicant is not acquiescing to the 
Examinees statements as to the applicability of the prior art of record to the 
pending claims by filing this Response. 

Rejections 

Rejections of claims under 35 U.S.C. 5 102 

Claims 1-9 are rejected under 35 U.S. C. §1 02(e) as being anticipated by 
U S. Patent Application Publication Number 2002/003 11 34 published March 14, 
2002 to Poletto et al. (hereinafter Poletto). Specifically, the Examiner alleges that 
Poletto discloses a method for thwarting coordinated SYN denial of service 
attacks against a server in a network. The Examiner offers that Poletto discloses 
controlling a network switch to divert a predetermined fraction of SYN packets 
destined for server, to a web guard processor, per paragraphs 0004-0008, 
establishing the first and second TCP connections between the web guard 
processor, client and server (per paragraphs 0060-0062), monitoring the number 
of timed out connections between the web guard processor and one or more 
clients (per paragraph 0062-0063), and if the number of timed-out connections 
between the web guard processor and said one or more clients exceeds a first 
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predetermined threshold, controlling said switch to divert all SYN packets 
destined to said web guard processor (per paragraph 0063-0072). The Examiner 
also uses the above-identified portions of Poletto to allege anticipation of 
elements of additional claims 2, 5, 6, 7, 8, and 9. In response the rejection is 
respectfully traversed. 

Applicant offers that while Poletto is in the technical field of the subject 
invention, there are deficiencies in the exact teachings of Poletto. "Anticipation 
requires the presence in a single prior art reference disclosure of each and every 
element of the claimed invention , arranged as in the claim" (Lindemann 
Maschinenfabrik GmbH v. American Hoist & Derrick Co. . 730 F.2d 1452, 221 
USPQ 481, 485 (Fed, Cir. 1984) (citing Connell v. Sears. Roebuck & Co. . 722 
F.2d 1542, 220 USPQ 193 (Fed. Cir. 1983)) (emphasis added). Poletto fails to 
disclose each and every element of the claimed invention, as arranged in the 
claim. 

The Examiner has expanded upon the claim language to force the 
teachings of the prior art to fit the claimed element, and thereby support the 
conclusion of anticipation. Such action is not permissible. The prior art must be 
such that a person of ordinary skill in the field of the invention would consider 
there to be no difference between the claimed invention and the reference 
disclosure. Scripps Clinic & Research Foundation v. Genentech. Inc. , 927 F.2d 
1565, 18 USPQ 2d 1001 , 1010 (Fed. Cir. 1991). In other words, the prior art 
reference must put the claimed invention in the hand of one skilled in the art. in 
re Donohue , 766 F.2d 531, 533, 226 USPQ 619, 621 (Fed. Cir. 1985). 

Specifically, Poletto does not teach or disclose controlling network switch 
to divert a predetermined fraction of SYN packets in accordance with the subject 
invention. The Examiner cites Paragraphs 0004-0008 to support this claimed 
aspect. However, Applicant respectfully submits that Paragraphs 0004-0008 
encompass the Summary of the invention section of Poletto and do not go into 
the level of detail that is recited in the claimed feature. Specifically, Paragraph 
0004 provides for, "the computing device (of Poletto) includes a monitoring 
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process that monitors network traffic through the gateway and the 
communication process that can communicate statistics collected in the gateway 
from the monitoring process with a control center..." The other paragraphs have 
explanations that are similar in scope or are not particularly related to the claimed 
aspect. That is, at no point in Paragraphs 0004-0008 is there an explicit 
recitation of diverting a predetermined fraction of SYN packets. All that is offered 
In the summary of Poletto is that there is a monitoring process. However, there 
are no details as to what this monitoring process monitors and how the 
monitoring is accomplished. For example, how many packets are monitored? 
Are such packets a fraction of the total amount of SYN packets destined to a 
server? Some further description in the reference is necessary to provide 
sufficient details to truly show anticipation of the subject claimed feature. 

The Examiner then relies upon the disclosure of Paragraphs 0060-0072 to 
support his findings of the additional claimed features of the subject invention. 
However, upon reviewing same, Applicant respectfully submits that while these 
paragraphs do go into greater detail regarding the transfer of SYN packets, 
SYN_ACK packets and ACK packets during the TCP handshake connection 
initialization between a client and a server in the network, it is respectfully 
submitted that the teachings are still not anticipatory. 

Specifically, Applicant submits that Paragraph 0062 is paramount to the 
overall understanding of the invention of Poletto and the details of how it goes 
about preventing SYN attacks. Specifically, the Gateway 26 of Poletto acts as an 
intermediary for all SYN packets that travel from a client to a server. That is, "the 
Gateway forwards a resulting SYN ACK packet from a server to a client and 
immediately sends an ACK packet to the server closing a 3-way handshake.... if 
the ACK packet does not arrive from the client to the server 110, the gateway 
sends a reset message to the server to close the connection." (Paragraph 0062) 
Therefore, it is respectfully submitted that Poletto handles potention SYN attacks 
by having its gateway 26 act as an intermediary for every single SYN packet that 
is sent from a client to a server. That is, and is claimed, there is no network 
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switch that diverts a predetermined fraction of SYN packets destined for a server 
to a web guard processor because, in fact, it is necessary for all such packets in 
Poletto to be processed in the manner disclosed by Poletto and as quoted herein 
by Applicant for Poletto to properly function. As such, it is respectfully submitted 
that there is no step of diverting a predetermined fraction of SYN packets and as 
such, there cannot be a subsequent step of diverting all SYN packets if the 
number of timed-out connections exceeds a threshold value because all SYN 
packets in Poletto are already being processed. 

Applicants reasoning is also supported by Paragraph 0072 wherein 
Poletto discusses the collection of statistical summary information of traffic over 
different periods of time and at different levels of detail since the Gateway may 
keep mean and standard deviation of values for a chosen set of parameters. 
Such statistical operations require the inclusion of all data points (or processed 
SYN packets) to arrive at the correct value according to the mathematical 
definitions of same. It is respectfully submitted that all occurrences of SYN 
packet transmission are acted upon the same way in the gateway. That is, there 
is no diverting of a predetermined fraction of SYN packets and a subsequent 
diversion of all SYN packets should the threshold be reached in Poletto as 
claimed by the Applicant. 

The Examiner also offers the teachings of paragraphs 0048-0055 of 
Poletto as anticipatory teachings to independent claim 7 of the subject invention. 
However, it is respectfully submitted that the Examiner has not reviewed the 
entire reference so as to ascertain the complete teachings of same. Specifically, 
paragraphs 0048-0055 discuss a monitoring process that includes the gateway 
or data collectors keeping track of a metric for each of N different traffic buckets. 
Each of these buckets "are implemented as storage areas in the memory space 
of the data collector or gateway device" (Paragraph 0044 of Poletto). Therefore, 
it is respectfully submitted that for at least this reason, it is submitted that Poletto 
does not teach at least the claimed feature of "arranging a switch receiving said 
SYN packets destined to said server to forward said SYN packets to a TCP proxy 
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arranged to operate without an associated cache ." Specifically, since it is 
necessary to monitor activity and keep account of information in either the data 
collectors or the gateways by storing such information in me mory space as 
buckets, said gateways or data collectors are operating with an associated 
cache; hence, do not anticipate claim 7. Accordingly, it is respectfully submitted 
that for at least the reason cited above, independent claims 1 and 7 are not 
anticipated by the teachings of Poletto. 

As such, the Applicants submit that claims land 7 are not anticipated and 
fully satisfy the requirements under 35 U.S.C. § 102 and are patentable 
thereunder Furthermore, claims 2-6 and 8 and 9 depend, either directly or 
indirectly, from independent claims 1 and 7 and recite additional features thereof. 
As such, and for at least the same reasons discussed above, the Applicants 
submit that these dependent claims also fully satisfy the requirements under 35 
U.S.C. § 102 and are patentable thereunder. Therefore, the Applicants 
respectfully request that the rejection be withdrawn. 



CONCLUSION 

Thus, the Applicants submit that claims 1-9 are in condition for allowance. 
Furthermore, the specification and Abstract has been amended as requested by 
the Examiner. Accordingly, both reconsideration of this application and its swift 
passage to issue are earnestly solicited. 

If, however, the Examiner believes that there are any unresolved issues 
requiring adverse final action in any of the claims now pending in the application, 



PAGE 8/9 * RCVD AT 9/2/2004 3:34:58 PM [Eastern Daylight Time] * SVR:USPT0-EFXRF-1/5 " DN1S:8729306 * CSID:732 530 9808 * DURATION (rnm-ss):03-10 



09/02/04 14:43 FAX 732 530 9 808 MOSER PATTERSON SHERIDAN -> PTO 121009 



Response under 37 C.F.R. 1.111 
Serial No. 09/672,206 
Page 7 of 7 

it is requested that the Examiner telephone Mr. Joseph Paanotta or Mr, Eamon J. 
Wall at (732) 530-9404 so that appropriate arrangements can be made for 
resolving such issues as expeditiously as possible. 



Respectfully submitted, 





seph Pagnotta, Agent 
Reg. No. 39,322 
(732) 530-9404 



Moser, Patterson & Sheridan, LLP 
595 Shrewsbury Avenue 
Suite 100 

Shrewsbury, New Jersey 07702 
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I hereby certify that this correspondence is being deposited with the United 
States Postal Service with sufficient postage for first class mail in an envelope 
addressed to: Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313- 
1450, or being facsimile transmitted to the USPTO, on the date indicated below. 

Date/ 6afol Wilson 
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